iPhone Attack Reveals Passwords In Six Minutes 186
angry tapir writes "Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen."
Re:So....? (Score:3, Informative)
The key is that, apparently, the iPhone has enough information onboard to decrypt the passwords. This is a huge mistake. It's like leaving the key in the lock on your house. I'm hoping this story is bullshit, or if it's true Apple can resolve this quickly in the next OS release.
Assuming the assertions in the article are true...
I can only compare this to the Blackberry, since I own one and have researched its security model. All information in the filesystem as a whole (including the keyring) is encrypted by a key that is itself encrypted by the passcode you set to log in to the device. The password has strength parameters set in (minimum 8 chars, one number, etc). The phone locks itself after 15 minutes of non-use. My company sets all of these parameters and I can't override them.
I can choose optional portions of the filesystem that can be outside the encryption (all or portions of any SD chips you install, your address book so you can make calls when the phone is locked, etc). But email and passwords and such are protected (unless you're stupid enough to put passwords in your address book and not encrypt the address book, of course).
So if you get your paws on my Blackberry and it's locked you have to figure out the password in order to decrypt the key that allows access to the filesystem and keyring. After 10 bad tries, the phone overwrites the decryption keys with garbage and then starts formatting the filesystem.
That's not to say it's 100% secure - if you pull the SIM the phone can never receive the "wipe" command (so you have 10 tries or you can attempt to copy the contents of internal soldered memory), and of course you can pull the SD chip and copy it so you can decrypt that at your leisure.
But, hell, it's at least difficult.
it is using the latest/current device. (Score:5, Informative)
OR you could read the PDF which states CLEARLY:
"The results were taken from
a passcode protected and locked iPhone 4 with current firmware 4.2.1. "
That is the latest iOS and the latest iPhone, mind you.
http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf [fraunhofer.de]
Re:Well... (Score:3, Informative)
>>>I sure am glad that my right to pay steve 30% To be fair, Microsoft and Ubuntu linux password systems are not any more secure. Apple is no worse than they.
Bzzt... the correct answer is both operating systems are more secure.
If windows syskey is used properly via startup storage device, TPM or startup password the nt hashes are stored in an encrypted database.
Ubuntu uses salted sha512 for password encryption by default. The length of time it takes to crack a password depends entirely on the security of the password.
In neither case will either Windows or Linux operating systems give up the has material without credentials or bypassing the OS by accessing the storage device directly.